Systems and methods of risk based rules for application control

摘要

In various embodiments, an agent on a digital device may comprise a monitor module, an application identification module, a vulnerability module, a rules database, and a rule module. The monitor module may be configured to monitor a device for an instruction to execute a legitimate application. The application identification module may be configured to identify one or more attributes of the legitimate application. The vulnerability module may be configured to retrieve risk information based on the one or more attributes of the legitimate application. The risk information may be determined from known vulnerabilities of the legitimate application. The rules database may be for storing a rule associated with the risk information. The rule module may be configured to retrieve the rule from the rule database based on the risk information and to control the legitimate application based on the rule.

主权项

1. An agent comprising:
a monitor module, executing on a computing device, configured to monitor the computing device for an instruction to execute a legitimate application on the computing device, the legitimate application comprising a non-malware application; an application identification module configured to identify one or more attributes of the legitimate application; a vulnerability module configured to retrieve risk information based on the one or more attributes of the legitimate application, the risk information determined from known vulnerabilities of the legitimate application, the risk information including a risk value associated with the legitimate application; a rules database for storing a rule associated with the risk information; and a rule module configured to retrieve the rule from the rules database based on the risk information and to control the legitimate application based on a comparison of the risk value and a predetermined threshold risk value defined by the rule.